naphtaliThey are currently being punished with KnowBe4
Passw0rd1sOv3rU5is there a windows 10 channel?
jcottonWell it covers all supported client versions of windows
_Zen_Master__I have a question about EMET.
_Zen_Master__After end-of-life in july this year... Will it uninstall automatically with some update or do I have to do it manually?
CptLuxx"[14:17:28] <Todden> All i know is its blue and like cmd if it went on steroids"
anexitHowdy, we have some clients using outlook 2010 with exchange 2016. Some reason if you go into 2010 and look at junk email options, everything is greyed out but "disable links and other function.."
compu_85probably because outlook 2010 isn't fully supported anymore
anexitI don't even see a GPO setup on this domain either, maybe incompatability?
DralockA GPO setup?
compu_85hmm, so is MS saying to use AD based activation now instead of KMS?
weqcompu_85: they are giving you an option atleast.
anexitawesome, so upgraded the client machine to 2016 outlook and it works.
compu_85I'm looking to roll out KMS
compu_85but now it looks like AD based activation might be the better option
anexitany mobile users?
compu_85domain joined, and they use VPN
anexitMaybe use MAK
compu_85heh, that's the problem... everything is MAK right now
compu_85and MS is being a pain about resetting the MAK keys
compu_85most machines are desktops
compu_853500+ are desktops
anexitYeah, I would setup kms on the desktop and then laptops use MAK
weqif they are a members of the domain it is pointless to use MAK on laptops imo. Cause they will have issues with AD long before the machines get unlicensed.
weqSo it is just more administration overhead with MAK.
compu_85weq, that's what I was thinking
weqwe have 60k machines mix of desktops and laptops and only use KMS.
compu_85ADBA looks like it's a lot simpler to administer than KMS was
compu_85and everything I need to activate is win 10
weqit is newer also.
compu_85i don't need to activate any 7 machines
anexitOnly downfall to mak is if the computer crashes. Other than that it's pretty darn good for those people on the go.
anexitI believe the ratio for MAK is 1 out of 5?
r1ppaI always have a bit of a struggle with giving "Send as" perms for a distribution list, but it seems that it may be my admin user I am testing with
r1ppais there some protection when an admin tries to get this permission applied? does not make sense to me that a heightened account would have less privileges
r1ppabut sure enough, I get a brand new user apply the normal steps, and it works immediately, how do I verify exactly why my administrative user is being rejected?
CptLuxxyou know it takes some time r1ppa ?
ltguidewe have a GP that is being denied for "False WMI Filter"
ltguidethere's no filter set on the policy
CptLuxxwhat is the question?
r1ppaCptLuxx, for sure, I waited 24 hours. So the request was to give Send as to 5 users, so I include myself in these requests to test it myself. This fails most of the time for me, tried it to a basic user, and it works within 30 seconds....I am at a loss this is so inconsistent
ltguideThis GPO is linked in the following WMI filter: <none>
CptLuxxi still dont get the question ltguide
ltguideMSFT_SomFilter.ID="{55063A45-C2BE-4BE1-88C7-7E74B1C3DADC}",Domain="domainhere.local" False
ltguidehow do i test that filter?
ltguideit's not a normal wmi query i can just run
r1ppabut apparently the other users can Send as just fine, so the steps work....just not for me, and my account is tied in with built-in admins, so I assume it has to do with heightened privs on my part. bad to assume yes, but this is weird, any way to read logs to identify the real issue here?
ZewwyExcuse my ignorance, but Server 2008 R2... It uses FRS or DFSR? or does it support both?
CptLuxxfrs when you migrate from 2003
CptLuxxdfsr is when you dont migrate..
ZewwyMhhmmm. I wasn't here when the old domain was uild so I'm not sure
Zewwyis there a way to query?
CptLuxxhyper hyper
ltguideso i'm looking at other policies with no wmi filter applied and they dont have the gPCWQLFilter attribute
ltguideshould i just remove it?
CptLuxxi never seen a wmi filter like this..
ltguideyeah, i'm looking at a policy with a wmi filter and it has that attribute and the guid matches the actual "wmi filter" guid in ADSI
ltguideso this policy glitched somehow
ZewwyChecking DFSR util (dfsrmig.exe /GetGlobalState returns "DFSR migration has not been intialized
ZewwySo that mean I'm still usinf FRS for now?
ZewwySo why can't I see th BurFlags in the Registry?!
Zewwywrong key
CptLuxxwhere is naphtali so much good stuff today
ZewwyFeels like a Monday morning
CptLuxxpowershell is just cmd in blue.. burflags..
Zewwyhardy har har
blkshpdoesnt have to be blue!
furmeladepwsh.exe is black
ZewwyThanks CptLuxx and Semt-x
Zewwyworked a treat
Dus10I would check to see if the NT4Emulator value is set in the registry on the old DCs
Dus10something I learned about yesterday
CptLuxxthat again
Dus10I am actually surprised that I haven’t seen issues come up related to it
Dus10It basically tells your 2K3 DCs to not offer up Kerberos
Dus10Pretend to be NT4 DCs
Dus10It was meant to solve the “piling on” problem with Kerberos-capable clients when upgrading from an NT4 style domain
Dus10Basically, as soon as you install a Kerberos-based DC, all of the Kerberos-capable clients would authenticate against it, which could cause problems until you have enough newer DCs
Dus10Back in those days, I was never in charge of AD for a larger organization
xyxxymy colleague is going to spin a hyper-v machine for me to connect to. i want to know if i can connect to the hyper-v machine via remote desktop?
Dus10The ones that I was in charge of were only 2-5 DCs to begin with
Dus10Xyxxy: sure, it is running Windows with Remote Desktop Services enabled, no?
xyxxyDus10, excellent. How would I "transfer" a file from the Hyper-V machine to my computer?
furmeladecopy paste
furmeladevia RDP
furmeladeor enhanced session mode
CptLuxxor smb
furmeladeor powershell direct
CptLuxxor an installed sftp server
CptLuxxor webdav from the iis
furmeladeor ftp
CptLuxxor tftp
furmeladeor screenshot it
CptLuxxpaint a picture
xyxxyScreenshot it is.
jaelaeanyone have the displeasure of having to use SOHA to connect to their servers?
xyxxycan i install virtualbox on a hyper-v machine?
CptLuxxwhat is the purpose?
naphtaliGood morning admins of renown
naphtaliAnd Luxxi
xyxxyCptLuxx to run linux.
CptLuxxthen use hyperv?
CptLuxxyou got already hyperv... just make a linux vm
xyxxySpin up Hyper-V then install VirtualBox
CptLuxxi dont get it..
xyxxyTo run linux in the virtual box
furmeladerun linux in hyperv
xyxxyWhat distro does it use? (Sorry, I've never used Hyper-V before.)
CptLuxxhello sir naphtali
xyxxyAh, so you're saying that once I RDP to the Hyper-V machine, I'd just use Hyper-V to create a Linux VM? No need for Virtualbox?
CptLuxxit is already an hypervisor
CptLuxxno need for virtualbox srsly
compdocyou want to run a vm inside a vm. might work, but might not work well. try it. be interesting
CptLuxxits called nested hypervisor
CptLuxxand it is mostly fine
xyxxySo I'd "install" an Ubuntu machine on hypervisor? Am I using the word install correctly?
CptLuxxyou .. know what a hypervisor is?
Dus10works in Azure
xyxxyCptLuxx, nope. I've never used it before.
CptLuxxvirtualbox is a hypervisor
xyxxyOkay, I get it now.
Dus10look up virtualization and read about it
xyxxySo "spin" is the correct word.
xyxxyACTION reads
naphtaliLuxxi, what was that other hypervisor you would jokingly recommend?
CptLuxxits the best
CptLuxxbochs even runs on android
CptLuxxso you can use win95 on it!
naphtaliIs there are large need to run VMs on your phone?
CptLuxxin my dreamworld yes
jcottonIt's a "why not" kind of thing
naphtaliYoungsters with too much time on their hands
naphtaliI meet with a potential new client today who classifies internet failover as walking around the office and changing the static gateway on all the machines to point to the other router
naphtaliI am pretty sure even NLC can do better than that
CptLuxxim patching an exchange 2010 right now..
CptLuxxsp1 is already installed
naphtaliSP3 only has fixes for stuff like languages
naphtaliAnd you only use English, so it's low risk
CptLuxxand sp2 for sign language?
naphtaliDoes Exchange 20xx support .NET 4.7 yet?
subvhomeI have an OU with two users. user1 and user2 . The OU has 2 GPO's . GPO1 and GPO2. GPO1 maps drives L: M: N: to all authenticated users. GPO2 maps Y: and Z: to only user2 using security filtering. When I log in user1... i get L: M: N: ... user2 get L: M: N: but not Y: Z: ... not sure what im doing wrong
naphtalielectricmilk, what are you working on today?
electricmilknaphtali, Pretty basic stuff. Internet went out for one of the buildings. Dust was the culprit. Setup some workstations with a new printer. Setting up our help desk ticketing system to work for our maintenance guy.
naphtaliWhat ticketing system? Exchange?
electricmilkI use it for IT support tickets. Now my boss wants to use it for our maintenance guy as well
electricmilkWas getting infested with SPAM though even though I had Captchas enabled. Had to block all emails from outside the organization...only had one spam message since then. Darn spammer spoofed one of our email addresses
electricmilkbut hey the price is right(free)...and the support is amazing.
CptLuxxnot this again!
CptLuxx subvhome read
CptLuxxyou need to add authenticated users back.. or give the computers the right to read
XV8Quick question for anyone that knows. Is the only way to install .cab updates to an online image is through the use of DISM/Unattend file?
XV8We've tried using WSUS-Offline for updating the images on our closed network, but it sits around forever and doesn't seem like it does anything.
subvhomeCptLuxx: Thanks for a solid answer! Didn't realize that.. thanks!
MrMojit0What is a better solution for deploying with MDT. Include the software within by task sequence or install the software later with GPO?
CptLuxxgpo software deployment = evil
BobFranklymrmojito: install later via slave labor
BobFranklyif you don't see any slaves, I'll bet you'll find one in the mirror :P
MrMojit0CptLuxx, clear answer
MrMojit0BobFrankly, I will tell my colleagues´s to start early tomorrow
pxedMrMojit0, Task Squence (if able to be done easily, some software is a pain). Save the slave labor for when you really need it.
CptLuxxtoday in ##windows "[14:17:28] <Todden> All i know is its blue and like cmd if it went on steroids" topic powershell
weqMrMojit0: if you mean to install software after the OS deployment and maintain the client that is a feature of SCCM.
MrMojit0pxed, Thank you for informing me. weq, there is no money for SCCM so there needs to be an solution like MDT+WDS
BobFranklyCptLuxx: lol
BobFranklyif cmd went super sayin blue, that would be powershell
weqMrMojit0: you don't have any system center products already?
MrMojit0Don´t have the bucks for that, so no unfortunately not
ZewwyDus10: no 2k3 DCs
naphtaliAren't CMD and PowerShell the same thing?
naphtaliBoth run .bat and .vbs
Zewwy? CMD and PoSh same thing... nope
ZewwyPoSh can run CMD in the backend but not always 100% a good example is notice how sc command breaks in PoSh unless you specify .exe
CptLuxxit was joke Zewwy
naphtaliMuch like SQL and Access both use .mdf files. Therefore they are equal applications
ZewwyYes MrMojit0 You'll see people abrv as such
ZewwyCptLuxx: I didn't catch the back chat
ZewwyThanks hahah
MrMojit0Zewwy: Thanks I have updated my brains to remember that :P
ZewwyNo worries, i, myself only found out about it a lil while ago
justdiverI have a CIFS share that I need to segment off. When I put an ACL on my switch to do so, it correctly blocks access, but the allowed vlan takes like 2-3 minutes to open the share. I think this might be something with the share machine reaching the DCs or vice versa? Someone else speculated it might be DNS related. Any thoughts?
justdiverI'm allow 135-139 and 445 on the ACL.
naphtaliI have a thought, why not just use NTFS permissions to secure access?
CptLuxxthat.. sounds crazy naphtali
justdiverit is secured with NTFS permissions. looking to tighten it more. if one of the accounts with permissions gets compromised, i'd like to limit the scope further
LewsThanThreeProbably the wrong place, but I need to archive a lot of email for a customer that uses O365, in such a way that multiple users have access to the archive. Any thoughts?
sideonehad an issue where a remote office lost its vpn and couldnt couldnt resolve internet addresses as the clients were pointing to our servers. is it possible to setup dhcp to look at *.local on our internal dns servers else $public DNS ?
CptLuxxits called
mykyhi guys i have problem wuith my server 2008 r2 it failed during update. It is try to install IE11. But IE11 is already installed. Any advice ?
sideonenice, so if internal dns servers arent avail, the client would look at the external? (*.local would be down in this scenario)
CptLuxxconfigure your dhcp
CptLuxxto handle out a second dns
sideonehow do i set what resolves to which server? if resolves to both internal/external as the same name, but diff targets, how would i weight or set rules for which server is used to resolve? internal have rfc1918 addr's while external doesnt.
sideonebeen looking at dhcp scope options (win), but dont really see what im looking for.
naphtaliLewsThanThree, what about creating a Shared Mailbox and enabling Archiving on it?
CptLuxxthat is crazy talk
CptLuxxlet me sell him mailstore
naphtaliIs that a product?
naphtali"MailStore Server is one of the world’s leading solutions for email archiving, management and compliance for small and medium-sized businesses."
naphtaliHow come I have not heard of it until now
CptLuxxits german
naphtali"mailstore" is Microsoft's cute name for the database
naphtaliI don't like them taking the name
CptLuxxwe just write that on our websites to make it sounds like its a big product
naphtaliAre they related to Starface?
CptLuxxcould be
CptLuxxa big family
sideoneCptLuxx; i can vouch for it. i evalulated 5 other products, 3 indepth trials. each one had many issues. mailstore was the only one that i could trust to do what it was supposed to do.
naphtaliMailstore does mention GDPR which is probably more than Starface
sideonebeen on it for about a year now
efsnablewht the best solution
efsnableto monitor employee activity
CptLuxxfor not hitting enter after 2 words
furmeladeisnt this the 10th time you ask this already efsnable?
CptLuxxit is and we dont support that efsnable
efsnablei need to monitor my employees activity
CptLuxxbecause it most countrys it is illegal
efsnableit's legal here
CptLuxxwhere are you? niggeria?
furmeladeplace webcams behind them
weqefsnable: it is not a topical matter for this channel.
efsnableI live in Iran
furmelade... lol
efsnablei married my cousin
naphtaliI support monitoring employees
furmeladei monitor them by pinging them
furmelade"do you still work m8?"
mykyany expert on failing windows update?
LewsThanThreeReset updates?
CptLuxxmore informations
BobFranklymyky error number?
BobFranklyalso: OS?
CptLuxxmaye the updatelog?
CptLuxxor eventlog
BobFranklyACTION just ran into a 2008r2 issue where the system tray was filling up with blank icons and blocking updates
mykyBobFrankly: 2008 r2 i can give you log from dism
CptLuxxthat is always funny
BobFranklynot the word I'd choose
naphtaliHow come there are no BobFrankly had to deal with an end user story?
BobFranklynaphtali: rephrase please? English this time?
LewsThanThreenaphtali, re: your answer above, my coworker saw something in the TOS that it could be a usage violation to do archiving for multiple users into a shared mailbox.
LewsThanThreeAnd, thanks for the MailStore link, we'll look into it.
LewsThanThreeLooks like a good solution.
BobFranklymyky, I got nothing
mykyBobFrankly: thanks :
BobFranklyyour welcome, for nothing
myky BobFrankly :) no worries. it just failed to install IE11 but IE is already installed.
mykyi hit enter before finish sentence
BobFranklyobviously you've rebooted and tried again
mykycouple times
naphtaliLewsThanThree, I must have misunderstood how you were going to use the shared mailbox. I have converted many ex-employee mailboxes to shared. These boxes are then accessed by multiple, currently licensed O365 users.
naphtaliYou want to archive currently active users into a shared location?
LewsThanThreeYea, they have active users, and get a crapload of emails.
naphtaliBob, I meant a story about you helping an end user directly
naphtaliMaybe that is a foreign concept :_)
naphtaliLewsThanThree, I think you want In-Place Archiving
DralockOk so server 2016 attempt 3 to get hyperv installed without bricking the operating system!
LewsThanThreeWHy would it brick the system?
CptLuxxhow did you do that?
LewsThanThreeFirst impression is that the HW doesn't support it.
Dralockby running the role install wizard and rebooting!
theunpaidBillThat's impressive Dralock
theunpaidBillI have done that install and it didn't even hiccup
DralockFirst time installing on this model server though.
theunpaidBillOk gents, I have an on-prem Exchange server that used to host my mailboxes. All mailboxes have moved up to O365. Any reason to not change my MX record to skip the on-prem and go straight to O365?
DralockDo you have a spam filter?
theunpaidBillWell technically I'll change the destination for my cloud spam filter service, but same effect
DralockYou will need to set up your send and receive connectors
DralockDepending on the mail flow you want
theunpaidBillThe on-prem servers still have to send stuff
Dralockbut you have to set up your route from the o365 environment back down through your hybrid server
DralockIf that's the route you take, there's multiple ways to set up the mail flow
theunpaidBillWhat is the purpose of routing outgoing through the on-prem?
Dralockfor your devices?
Dralockprinters and stuff can still target the hybrid server to relay through your o365 environment.
DralockI'm not sure of any scenario where you would be sending mail back down to your on prem environment instead of to a cloud mailbox.
DralockIf there are no mailboxes :)
Dralockso I'm hearing beeping in the racks. I'm immediately freaking out as I haven't gotten any monitor alarms for hardware issues. I dive in and finally track down which machine it is. It's got a damn fax modem installed!
theunpaidBillBecause that's useful
Dralockits medical, faxing is still very much HIPAA compliant
theunpaidBillYou have my condolences for having to deal with HIPPAA
DralockWe have to support multiple faxing options here.
LewsThanThreeSigh. Re: co-worker, can we just fire him already?!
theunpaidBillI'll do it
LewsThanThreeHe's literally as useful as a monkey on wheels.
LewsThanThreeMy boss is fed up with him as well.
LewsThanThreeJust need to find a new guy to replace him first.
Dralockblah the install tanked again.
LewsThanThreeDralock, virtualization is enabled?
LewsThanThreeBoth in BIOS and OS?
Dralockeven if it isn't, 2016 will still boot
Dralockyou just can't start the service
LewsThanThreeApparently not in your case.
LewsThanThreeNever had a Hyper-V install fail like that
DralockGood for you, now you can hear a story about how one has, what went wrong, and how I fix it. as soon as I do.
LewsThanThreeThat would honestly be awesome.
LewsThanThreeYay for more troubleshooting skills!
CptLuxxyay for a blog post
Dralockprobably be two lines
LewsThanThreeKnowing M$, it'll be two powershell lines, enabling something. Or disabling.
DralockI'm sure there is a service update that is trying to install and/or a hardware issue like LewsThanThree is saying.
LewsThanThreeYea, HW is what my intuition is screaming.
LewsThanThreeWhat model server?
LewsThanThreeAnd you said 2016?
DralockProliant DL320e v2 gen8
DralockI haven't googled yet, that's the next step after this reboot I'm doing right now.
LewsThanThreeImma assume you applied all updates before flipping the switch on Hyper-V.
LewsThanThree^ lol
DralockCptLuxx: Da
DralockIs good thread
LewsThanThreeOh hey look:
LewsThanThree"Ensure ROM settings are configured with VT enabled and VT-D disabled before enabling the Hyper-V role."
Zewwylolol CptLuxx you crack me up (back chat, RE: It's called a forwarder)
DralockMan I love spiceworks
Dralock"Did you try throwing a shoe at it???"
Dralockanyway, that will most likely be the answer
CptLuxxcase closed
ZewwyWT... Vt-d has to be disabled?
Dralockmaybe, we will see, I'm not sure that will be the end of it at this point. also, I need to find if there is a service pack to fix the problem.
DralockOn Proliant gen8 equipment it seems Zewwy
ZewwyI run VMware on that hardware
Zewwyno problems
DralockMy Gen9 and gen10 servers did not have the same issue.
LewsThanThreeZewwy, yea, saw a few posts mentioning it for that specific make model and version.
DralockI ran 2012r2, but it probably has to do with the hyperv code
DralockAnd vm nesting
Zewwywerid, Hey we'll allow you to hypervise on this hardware, no device passthough though
ZewwyYou'r SOL on that feature
DralockI don't use it anyway, still.
LewsThanThreeZewwy, keep in mind VMWare's method is different than Hyper-Vs.
Zewwyyeah for sure
ZewwyTotally are different
Zewwybut that hardware should be supported
Zewwyfor both hypervisors
LewsThanThreeACTION shrugs
DralockMS cares less and less about legacy hardware
ZewwyACTION joins in, shrugs
LewsThanThreeNot much we can do.
CptLuxxgen8 is legacy?
ZewwyIt's not that old
Dralockit's two generations behind
ZewwyI'm still running G7's with iLO 3
DralockI'm still running two gen7's myself
Dralockabout to replace them though
ZewwyYeah, going to too, eventually
LewsThanThreeI'll take one!
DralockYea, OS is trashed. Reinstaling.
LewsThanThreeMy gaming rig is my Hyper-V host >_>
Dralockoi typing is hard
Zewwystarnge... you sure no underlying hardware issues?
LewsThanThreeIt's monday. You're forgiven.
ZewwyLewsThanThree: My odl gaming rig is my VMware (ESXi) host :P
DralockMy gaming rig is a core2duo e8700 series.
LewsThanThreeI mean, this is a good rig, doesn't bat an eye, but still.
Dralockcome at me!
CptLuxxwe are drifting away from the topic
DralockNot really, I was about to say I can't virtualize on it
LewsThanThreeNot a chance.
LewsThanThreeYou dropped your #
DralockIt would be nice to virtualize though.
ZewwyOnly when I work out
DralockIf I could pass through to the hardware, I could run services for my house.
DralockOne thing I really like about 2016 is how fast it installs, even on bare metal.
DralockIn the time it's taken to get off topic and come back on the install is over half done
LewsThanThreeYea, they've done wonders on that.
LewsThanThreeI remember back when installing Windows 98 would take 45 minutes.
LewsThanThreePre-98SE even.
Dralockwow thats fast
Dralockmy 2003 installs would take 20+ hours
theunpaidBillWin95 was about an hour with CD or about 3 days with disks
Dralockto be fair most of that would be wrestling with services.
LewsThanThreeACTION shudders
DralockYea, now that you just run a deployer as an installer, it's super quick.
DralockSo, nine minutes from media boot to final reboot + configure
theunpaidBillOk, well I switch my mail flow over and everything seems happy
BobFranklyintel still in a holding pattern on microcode updates?
naphtaliI would appreciate an admin of a large Citrix environment to test the newest Intel microcode updates
naphtaliI have not seen this issue in a while
naphtaliProbably because the AOL users who complained have passed away
spjps2009Hello, I need some help with exchange server